Computer security expert company: cybersecurity audits and consulting
French cybersecurity company since 2004


CVE-2012-0217

Description

The x86-64 kernel system-call functionality in Xen 4.1.2 and earlier, as used in Citrix XenServer 6.0.2 and earlier and other products; Oracle Solaris 11 and earlier; illumos before r13724; Joyent SmartOS before 20120614T184600Z; FreeBSD before 9.0-RELEASE-p3; NetBSD 6.0 Beta and earlier; Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1; and possibly other operating systems, when running on an Intel processor, incorrectly uses the sysret path in cases where a certain address is not a canonical address, which allows local users to gain privileges via a crafted application. NOTE: because this issue is due to incorrect use of the Intel specification, it should have been split into separate identifiers; however, there was some value in preserving the original mapping of the multi-codebase coordinated-disclosure effort to a single identifier.

POC

Reference

- http://www.mandriva.com/security/advisories?name=MDVSA-2013:150

- http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html

- https://www.exploit-db.com/exploits/28718/

- https://www.exploit-db.com/exploits/46508/

GitHub

- https://github.com/1o24er/RedTeam

- https://github.com/ARPSyndicate/cvemon

- https://github.com/Al1ex/APT-GUID

- https://github.com/Al1ex/Red-Team

- https://github.com/Apri1y/Red-Team-links

- https://github.com/Ascotbe/Kernelhub

- https://github.com/Cruxer8Mech/Idk

- https://github.com/Echocipher/Resource-list

- https://github.com/Flerov/WindowsExploitDev

- https://github.com/Ondrik8/RED-Team

- https://github.com/Snoopy-Sec/Localroot-ALL-CVE

- https://github.com/alleleintel/research

- https://github.com/anoaghost/Localroot_Compile

- https://github.com/cranelab/exploit-development

- https://github.com/dabumana/Open-Security-Training-Architecture

- https://github.com/dk47os3r/hongduiziliao

- https://github.com/dyjakan/exploit-development-case-studies

- https://github.com/felixlinker/ifc-rv-thesis

- https://github.com/hasee2018/Safety-net-information

- https://github.com/hudunkey/Red-Team-links

- https://github.com/john-80/-007

- https://github.com/landscape2024/RedTeam

- https://github.com/lp008/Hack-readme

- https://github.com/lyshark/Windows-exploits

- https://github.com/nisadevi11/Localroot-ALL-CVE

- https://github.com/nobiusmallyu/kehai

- https://github.com/paulveillard/cybersecurity-exploit-development

- https://github.com/slimdaddy/RedTeam

- https://github.com/svbjdbk123/-

- https://github.com/twensoo/PersistentThreat

- https://github.com/xiaoZ-hc/redtool

- https://github.com/ycdxsb/WindowsPrivilegeEscalation

- https://github.com/yut0u/RedTeam-BlackBox